Reputation: 579
I'm trying to implement the LDAP post-read control in my LDAP client application, and currently I can't figure out exactly how a packet with controls has to be coded so that OpenLDAP can recognize it. To be more specific, I have a problem with the controlValue field of the postRead control.
According to RFC4527 - "controlValue, an OCTET STRING, contains a BER-encoded AttributeSelection [RFC4511],". From RFC4511 -
    AttributeSelection ::= SEQUENCE OF selector LDAPString
                           -- The LDAPString is constrained to
                           -- <attributeSelector> in Section 4.5.1.8
So, this means (if I get it right) that controlValue is a "SEQUENCE OF LDAPStrings", and each LDAPString is an OCTET STRING containing the name of some attribute. However, it seems that I've misunderstood something, but I can't figure out what.
Here is the packet that I send to the OpenLDAP server:
Here is the dump of the packet that I send to the OpenLDAP server:
Below is the answer of the server:
What is wrong?
Upvotes: 1
Views: 83
Reputation: 579
I've figured it out. According to RFC 4511:
    Control ::= SEQUENCE {
         controlType             LDAPOID,
         criticality             BOOLEAN DEFAULT FALSE,
         controlValue            OCTET STRING OPTIONAL }
And from RFC 4527:
    controlValue, an OCTET STRING, contains a BER-encoded AttributeSelection
Which means that the control value is not a "SEQUENCE OF LDAPStrings", but an OCTET STRING which contains that sequence. This solved the problem.
Upvotes: 2
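The encoding described in the answer, as an added example that is not part of the original posts: a minimal BER encoder that builds the post-read Control both ways, with the AttributeSelection wrapped in an OCTET STRING and placed bare. The attribute names `cn` and `sn`, the `critical` default and all function names are assumptions made for illustration; the OID is the post-read control OID from RFC 4527.

```python
POST_READ_OID = b"1.3.6.1.1.13.2"  # post-read control, RFC 4527 (LDAPOID is an OCTET STRING)

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content

def attribute_selection(attrs):
    # AttributeSelection ::= SEQUENCE OF selector LDAPString
    return tlv(0x30, b"".join(tlv(0x04, a.encode("utf-8")) for a in attrs))

def post_read_control(attrs, critical=True, wrap=True):
    """wrap=False reproduces the mistake from the question (bare SEQUENCE)."""
    inner = attribute_selection(attrs)
    value = tlv(0x04, inner) if wrap else inner      # controlValue OCTET STRING
    crit = tlv(0x01, b"\xff") if critical else b""   # DEFAULT FALSE is omitted
    return tlv(0x30, tlv(0x04, POST_READ_OID) + crit + value)

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def control_value_tag(control):
    """Tag of the last element inside the Control SEQUENCE (the controlValue)."""
    tag, body, _ = read_tlv(control)
    if tag != 0x30:
        raise ValueError("Control must be a SEQUENCE")
    pos, last = 0, None
    while pos < len(body):
        last, _, pos = read_tlv(body, pos)
    return last

if __name__ == "__main__":
    for wrap in (True, False):  # constructed sample input
        c = post_read_control(["cn", "sn"], wrap=wrap)
        print(wrap, hex(control_value_tag(c)), c.hex())
```

In a packet dump, the correct control shows tag `04` for the third element with `30` as the first byte of its content; the form from the question shows `30` directly in that position.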